#!/usr/bin/bash -e

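# Options on the shebang line are dropped when the script is started as
# "bash <script>", so errexit is enabled here as well.
set -e

# The generated configuration names the invoking account, so refuse to run as root.
if (( EUID == 0 )); then
  echo >&2 "This script should not be run as root!"
  exit 1
fi

# -------------------------------------------------------------------------------------------------------------------- #
# OPTIONS.
# -------------------------------------------------------------------------------------------------------------------- #

OPTIND=1

# -d <domain>     host name the virtual hosts are generated for.
# -c <cert_path>  base directory that contains ".acme/cert/<domain>/" and ".acme/challenge".
while getopts "d:c:h" opt; do
  case "${opt}" in
    d)
      domain="${OPTARG}"
      ;;
    c)
      cert_path="${OPTARG}"
      ;;
    h|*)
      echo "-d [domain] -c [cert_path]"
      exit 2
      ;;
  esac
done

shift $(( OPTIND - 1 ))

# Both options are mandatory; say so instead of exiting silently.
if [[ -z "${domain}" || -z "${cert_path}" ]]; then
  echo >&2 "-d [domain] -c [cert_path]"
  exit 1
fi

# ${domain} and ${cert_path} are pasted verbatim into Apache and nginx directives,
# and ${domain} also into the names of the generated files. Reject values that
# could end a directive or a quoted string early, or change the output path.
domain_re='^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_])?$'
if [[ ! "${domain}" =~ ${domain_re} ]]; then
  echo >&2 "Invalid domain: only letters, digits, '_', '.' and '-' are accepted."
  exit 1
fi

# Double quotes, '$', backslashes and control characters (newlines included)
# would change how the quoted path is parsed in the generated configuration.
cert_path_bad_re='[\"$[:cntrl:]]'
if [[ "${cert_path}" =~ ${cert_path_bad_re} ]]; then
  echo >&2 "Invalid cert_path: quotes, '\$', backslashes and control characters are not accepted."
  exit 1
fi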

# -------------------------------------------------------------------------------------------------------------------- #
# INITIALIZATION.
# -------------------------------------------------------------------------------------------------------------------- #

# Run the three generation steps in order and stop at the first one that fails.
# Returns the status of the failing step, or of domain_nginx when all steps ran.
# Arguments passed by the caller are not used.
init() {
  create_dirs || return
  domain_httpd || return
  domain_nginx
}

# -------------------------------------------------------------------------------------------------------------------- #
# DIRECTORIES.
# -------------------------------------------------------------------------------------------------------------------- #

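# Create the per-site directory tree below the current working directory:
#   .auth, .log, .tmp, .tmp/php/{opcache,session,upload,wsdlcache},
#   domain/public_html and subdomain.
# Returns non-zero when any of the directories could not be created. Issuing a
# single mkdir call matters here: with one call per group only the status of the
# last call was returned, so an earlier failure went unnoticed.
#
# NOTE(review): the directories get whatever mode the caller's umask allows.
# .tmp/php/session and .tmp/php/upload are the PHP session and upload paths in
# the generated Apache vhost, and .log is its log directory; confirm the umask
# used in deployment does not leave them readable by other local accounts.
create_dirs() {
  local base
  base="$( pwd )" || return

  mkdir -p -- \
    "${base}"/{.auth,.log,.tmp} \
    "${base}"/.tmp/php/{opcache,session,upload,wsdlcache} \
    "${base}/domain/public_html" \
    "${base}/subdomain"
}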

# -------------------------------------------------------------------------------------------------------------------- #
# HTTPD DOMAIN.
# -------------------------------------------------------------------------------------------------------------------- #

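# Write the Apache virtual host for ${domain} to "apache2.${domain}.ssl.conf" in
# the current working directory, overwriting an existing file.
# Globals read: domain, cert_path.
# Returns non-zero when the account lookup or the write fails.
#
# The account for AssignUserID is taken from id(1) rather than from ${USER}:
# the environment variable can be unset or stale, which previously produced an
# AssignUserID line with a wrong or empty user and group.
#
# ${domain} and ${cert_path} are expanded verbatim inside the here-document, so
# they must not contain quotes or line breaks.
#
# NOTE(review): ErrorLog and CustomLog point into ./.log, which create_dirs
# makes as the invoking non-root user. The httpd security documentation warns
# against log directories that are writable by anyone other than the user that
# starts the server; if httpd is started as root here, consider a root-owned log
# directory or piped logs. Confirm against the deployment.
# NOTE(review): session.save_path is set with php_value, which .htaccess can
# override under "AllowOverride All"; upload_tmp_dir uses php_admin_value, which
# it cannot. Confirm the difference is intended.
domain_httpd() {
  local user group
  user="$( id -un )" || return
  group="$( id -gn "${user}" )" || return

  cat > "$( pwd )/apache2.${domain}.ssl.conf" <<EOF
# -------------------------------------------------------------------------------------------------------------------- #
# VirtualHost: ${domain}
# -------------------------------------------------------------------------------------------------------------------- #

<VirtualHost 127.0.0.1:8081>

  # ------------------------------------------------------------------------------------------------------------------ #
  # Meta.
  # ------------------------------------------------------------------------------------------------------------------ #

  AssignUserID                          ${user} ${group}
  ServerAdmin                           webmaster@localhost
  DocumentRoot                          "$( pwd )/domain/public_html/"
  ServerName                            ${domain}
  ServerAlias                           www.${domain}

  # ------------------------------------------------------------------------------------------------------------------ #
  # Directory.
  # ------------------------------------------------------------------------------------------------------------------ #

  <Directory "$( pwd )/domain/public_html/">
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>

  # ------------------------------------------------------------------------------------------------------------------ #
  # PHP.
  # ------------------------------------------------------------------------------------------------------------------ #

  php_value session.save_path           "$( pwd )/.tmp/php/session"
  php_admin_value upload_tmp_dir        "$( pwd )/.tmp/php/upload"

  # ------------------------------------------------------------------------------------------------------------------ #
  # SSL.
  # ------------------------------------------------------------------------------------------------------------------ #

  SSLEngine                             on
  SSLCertificateFile                    "${cert_path}/.acme/cert/${domain}/cert.pem"
  SSLCertificateKeyFile                 "${cert_path}/.acme/cert/${domain}/privkey.pem"
  SSLCertificateChainFile               "${cert_path}/.acme/cert/${domain}/chain.pem"

  # ------------------------------------------------------------------------------------------------------------------ #
  # Log.
  # ------------------------------------------------------------------------------------------------------------------ #

  ErrorLog                              "$( pwd )/.log/error.${domain}.log"
  CustomLog                             "$( pwd )/.log/custom.${domain}.log" combined

</VirtualHost>
EOF
}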

# -------------------------------------------------------------------------------------------------------------------- #
# NGINX DOMAIN.
# -------------------------------------------------------------------------------------------------------------------- #

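# Write the nginx front-end configuration for ${domain} to
# "nginx.${domain}.ssl.conf" in the current working directory, overwriting an
# existing file. Two server blocks are generated:
#   - ${domain}: proxies to the Apache vhost on https://127.0.0.1:8081/ and
#     serves ACME challenge files from "${cert_path}/.acme/challenge/";
#   - www.${domain}: answers with a 301 redirect to ${domain}.
# Globals read: domain, cert_path.
# Returns the status of the write.
#
# The ACME location and its alias both end in a slash. A prefix location without
# the trailing slash also matches request paths that merely start with
# "/.well-known/acme-challenge", and alias then maps them to siblings of the
# challenge directory, next to which the certificate and key directory lives.
#
# ${domain} and ${cert_path} are expanded verbatim inside the here-document;
# \$scheme and \$request_uri are escaped so that they reach nginx unexpanded.
#
# NOTE(review): no proxy_set_header is generated. Unless one is set in an
# enclosing context, nginx sends "Host: 127.0.0.1:8081" upstream, so Apache
# cannot select the vhost by ServerName; confirm against the main nginx.conf.
# NOTE(review): access_log is off on the TLS front end, so request records exist
# only in the Apache CustomLog, where the client address is the proxy unless
# real-IP forwarding is configured elsewhere; confirm this is intended.
domain_nginx() {
  cat > "$( pwd )/nginx.${domain}.ssl.conf" <<EOF
# -------------------------------------------------------------------------------------------------------------------- #
# VirtualHost: ${domain}
# -------------------------------------------------------------------------------------------------------------------- #

server {

  # ------------------------------------------------------------------------------------------------------------------ #
  # Server name & IP.
  # ------------------------------------------------------------------------------------------------------------------ #

  listen                                443 ssl http2;
  server_name                           ${domain};

  # ------------------------------------------------------------------------------------------------------------------ #
  # Logs.
  # ------------------------------------------------------------------------------------------------------------------ #

  access_log off;

  # ------------------------------------------------------------------------------------------------------------------ #
  # SSL.
  # ------------------------------------------------------------------------------------------------------------------ #

  ssl_certificate                       "${cert_path}/.acme/cert/${domain}/fullchain.pem";
  ssl_certificate_key                   "${cert_path}/.acme/cert/${domain}/privkey.pem";
  ssl_trusted_certificate               "${cert_path}/.acme/cert/${domain}/chain.pem";

  # ------------------------------------------------------------------------------------------------------------------ #
  # Location.
  # ------------------------------------------------------------------------------------------------------------------ #

  location / {
    proxy_pass https://127.0.0.1:8081/;
  }

  location /.well-known/acme-challenge/ {
    alias "${cert_path}/.acme/challenge/";
  }

}

# -------------------------------------------------------------------------------------------------------------------- #
# VirtualHost: www.${domain}
# -------------------------------------------------------------------------------------------------------------------- #

server {

  # ------------------------------------------------------------------------------------------------------------------ #
  # Server name & IP.
  # ------------------------------------------------------------------------------------------------------------------ #

  listen                                443 ssl http2;
  server_name                           www.${domain};

  # ------------------------------------------------------------------------------------------------------------------ #
  # Logs.
  # ------------------------------------------------------------------------------------------------------------------ #

  access_log off;

  # ------------------------------------------------------------------------------------------------------------------ #
  # SSL.
  # ------------------------------------------------------------------------------------------------------------------ #

  ssl_certificate                       "${cert_path}/.acme/cert/${domain}/fullchain.pem";
  ssl_certificate_key                   "${cert_path}/.acme/cert/${domain}/privkey.pem";
  ssl_trusted_certificate               "${cert_path}/.acme/cert/${domain}/chain.pem";

  # ------------------------------------------------------------------------------------------------------------------ #
  # Redirect.
  # ------------------------------------------------------------------------------------------------------------------ #

  return 301 \$scheme://${domain}\$request_uri;

}
EOF
}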

# -------------------------------------------------------------------------------------------------------------------- #
# -------------------------------------------------< INIT FUNCTIONS >------------------------------------------------- #
# -------------------------------------------------------------------------------------------------------------------- #

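# init is the last command, so its status becomes the script's exit status.
# A trailing "exit 0" would report success for a failed run whenever errexit is
# not active, for example when the script is started as "bash <script>" and the
# shebang options are ignored.
init "$@"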
